From b32b11c7116f6e5730a8860a7e1986f269b5c3c4 Mon Sep 17 00:00:00 2001 From: Sarah Jamie Lewis Date: Tue, 16 Apr 2024 11:33:56 -0700 Subject: [PATCH] Enable per-contact file sharing permissions --- extensions/profile_value.go | 9 +++++++++ functionality/filesharing/image_previews.go | 10 +++++++++- peer/cwtch_peer.go | 1 - 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/extensions/profile_value.go b/extensions/profile_value.go index 4e62e2f..dc3ee30 100644 --- a/extensions/profile_value.go +++ b/extensions/profile_value.go @@ -104,6 +104,15 @@ func (pne ProfileValueExtension) OnContactRequestValue(profile peer.CwtchPeer, c val, exists = profile.GetScopedZonedAttribute(attr.PublicScope, attr.ProfileZone, constants.Name) } + // NOTE: Cwtch 1.15+ requires that profiles be able to restrict file downloading to specific contacts. As such we need an ACL check here + // on the fileshareing zone. + // TODO: Split this functionality into FilesharingFunctionality, and restrict this function to only considering Profile zoned attributes? + if zone == attr.FilesharingZone { + if !conversation.GetPeerAC().ShareFiles { + return + } + } + // Construct a Response resp := event.NewEvent(event.SendRetValMessageToPeer, map[event.Field]string{event.ConversationID: strconv.Itoa(conversation.ID), event.RemotePeer: conversation.Handle, event.Exists: strconv.FormatBool(exists)}) resp.EventID = eventID diff --git a/functionality/filesharing/image_previews.go b/functionality/filesharing/image_previews.go index c07634b..3690435 100644 --- a/functionality/filesharing/image_previews.go +++ b/functionality/filesharing/image_previews.go 
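Review bot: In extensions/profile_value.go the new file-sharing check denies with a bare `return`, so a contact without ShareFiles gets no reply at all, while a request for a missing key appears to be answered with `Exists: false`; the requester can tell the two cases apart. If that difference is intended the comment should say so, otherwise a denied request should be answered the same way as a missing key. The check also runs after the attribute lookup; a single guard placed ahead of the lookup would avoid reading anything for a denied peer: `if zone == attr.FilesharingZone && !conversation.GetPeerAC().ShareFiles { return }`. OnContactRequestValue starts and ends outside this hunk, so where the lookup begins and whether `conversation` can be nil here are not visible.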
@@ -62,7 +62,15 @@ func (i *ImagePreviewsFunctionality) OnEvent(ev event.Event, profile peer.CwtchP
 if err == nil {
 for _, ci := range conversations {
 if profile.GetPeerState(ci.Handle) == connections.AUTHENTICATED {
- profile.SendScopedZonedGetValToContact(ci.ID, attr.PublicScope, attr.ProfileZone, constants.CustomProfileImageKey)
+ // if we have enabled file shares for this contact, then send them our profile image
+ // NOTE: In the past, Cwtch treated "profile image" as a public file share. As such, anyone with the file key and who is able
+ // to authenticate with the profile (i.e. non-blocked peers) can download the file (if the global profile images experiment is enabled)
+ // To better allow for fine-grained permissions (and to support hybrid group permissions), we want to enable per-conversation file
+ // sharing permissions. As such, profile images are now only shared with contacts with that permission enabled.
+ // (i.e. all previous accepted contacts, new accepted contacts, and contacts who have this toggle set explictly)
+ if ci.GetPeerAC().ShareFiles {
+ profile.SendScopedZonedGetValToContact(ci.ID, attr.PublicScope, attr.ProfileZone, constants.CustomProfileImageKey)
+ }
 }
 }
 }
diff --git a/peer/cwtch_peer.go b/peer/cwtch_peer.go
index fbe26d4..d53c3a1 100644
--- a/peer/cwtch_peer.go
+++ b/peer/cwtch_peer.go
@@ -1610,7 +1610,6 @@ func (cp *cwtchPeer) eventHandler() {
 conversationInfo, err := cp.FetchConversationInfo(onion)
 log.Debugf("confo info lookup newgetval %v %v %v", onion, conversationInfo, err)
- // only accepted contacts can look up information
 if conversationInfo != nil && conversationInfo.GetPeerAC().ExchangeAttributes {
 // Type Safe Scoped/Zoned Path
 zscope := attr.IntoScope(scope)
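Review bot: In functionality/filesharing/image_previews.go the added comment says the guard decides whether we "send them our profile image", but the guarded call is `SendScopedZonedGetValToContact`, which by its name issues a GetVal request to the contact for `constants.CustomProfileImageKey`. The guard therefore limits what this client asks for; it is not an access control on what it serves. A peer that ignores this client-side convention can only be stopped on the responding path, and the check added in extensions/profile_value.go covers only `attr.FilesharingZone`, while this key is requested in `attr.ProfileZone`, so the key itself presumably stays readable by any contact with ExchangeAttributes. I would reword the first comment line to `// only request a contact's custom profile image when file sharing is enabled for that conversation; serving is gated in OnContactRequestValue`. OnEvent begins and ends outside this hunk.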